Steps to take with your next iOS app update after May 1, 2024
Per a February 29 post from Apple, beginning May 1, 2024, developers submitting an app update that leverages commonly used third-party software development kits (SDKs) identified by Apple will be required to update versions of these SDKs to include a privacy manifest and signature.
While the Kochava SDK has not been added to the list of SDKs requiring privacy manifests starting May 1, we recommend that our clients be aware of and start planning for what we believe will become a requirement for all mobile measurement partner (MMP) SDKs in the near future.
Please consult this helpful checklist:
#1 Understand the Impacts of Privacy Manifests
The upcoming change to Apple’s requirements is important for developers utilizing any SDKs, including Kochava iOS SDKs. The introduction of privacy manifests marks a significant shift in how developers manage third-party SDKs within their iOS apps. The core takeaway is the accountability placed on developers for all code within their apps, emphasizing the importance of understanding and managing data collection practices. Privacy manifests empower developers to retain SDK functionality while adhering to privacy standards—requiring user consent for data tracking via the App Tracking Transparency (ATT) framework.
Please find a prior blog post here that provides additional details around the launch of Apple’s privacy manifests.
#2 Pay Special Attention to Tracking Domains
A critical aspect of implementing privacy manifests involves declaring tracking domains. This process entails identifying and declaring any domains that track users through data collected by the app. When a domain is declared, any traffic from the app to the domain is blocked if the user has not been prompted and opted in through the ATT framework. As such, incorrect implementation could unintentionally restrict essential functionalities. For this reason, it’s crucial to work closely with Kochava, and any of your other SDK providers, to ensure correct implementation.
#3 Using a Kochava SDK? Here’s What You Need to Know
Our team has released iOS SDK version 8, which adds a specific tracking module to fully support privacy manifests and the required SDK signature. Tracking domains are automatically built into v8’s privacy manifest file, meaning that developers do not have to declare these domains manually.
Please consult this support documentation, which covers the process for migrating to iOS SDK version 8.
Do you need to upgrade to iOS SDK version 8?
Yes
If you’re prompting iOS users through the ATT framework to gather the IDFA and permission to track, you need to upgrade to iOS SDK version 8.
Apple requires that if you’re gathering the IDFA via an SDK, there must be a privacy manifest with at least one blocked domain, which is included in our optional tracking module’s privacy manifest.
No
If you’re not prompting iOS users through the ATT framework to gather the IDFA and permission to track, you do not need to upgrade to iOS SDK version 8.
You can continue using prior iOS SDKs and relying on first-party measurement for owned media, the AdServices framework for Apple Search Ads, and SKAN for attribution of paid media with other third-party ad networks.
What happens if you choose the wrong path?
If you choose the incorrect path, Apple will simply reject your app submission, and you will know you need a privacy manifest. Your app will not suddenly be removed from the App Store. Contact your client success manager or Support@Kochava.com for guidance along the way.
Important
The rollout of Apple’s privacy manifests continues to evolve, and their list of SDKs is likely to change over time. Be sure to subscribe to our newsletter and keep in close touch with our support team to stay up to date on new developments that may require action on your part.
